Legal claims defining the scope of protection, as filed with the USPTO.
1. A wireless security method comprising: installing a security system within a selected geographic region, the security system comprising at least one sniffer device disposed within the selected geographic region, the selected geographic region comprising an authorized local area network; detecting wireless transmissions within the selected geographic region using the at least one sniffer device; determining identity of a radio interface present in the selected geographic region from the detected wireless transmissions, wherein information regarding coupling of the radio interface with an authorized communication device is not accessible to the security system; identifying from the detected wireless transmissions a wireless connection between the radio interface and an authorized wireless access point, the authorized wireless access point being adapted to act as traffic transfer point between a wired portion and a wireless portion of the authorized local area network; detecting the identity of the radio interface in traffic over the wired portion of the authorized local area network; classifying the radio interface as being coupled with the authorized communication device based upon the identity of the radio interface being present both in the wireless transmissions and in the traffic over the wired portion; providing for allowing the radio interface to communicate with the authorized wireless access point and for disallowing the radio interface from communicating with an external wireless access point, wherein the external wireless access point acts as traffic transfer point between a wired portion and a wireless portion of a neighborhood local area network, the neighborhood local area network being distinct from the authorized local area network.
2. The method of claim 1 wherein the radio interface comprises a wireless network interface card.
3. The method of claim 1 wherein the authorized communication device comprises at least a laptop computer or at least a PDA.
4. The method of claim 1 wherein the identity of the radio interface is a radio MAC address.
5. The method of claim 4 wherein the wireless transmissions comprise at least one IEEE 802.11 type frame and the radio MAC address is included in the IEEE 802.11 type frame.
6. The method of claim 1 wherein classifying the radio interface is free from manual interaction.
7. The method of claim 1 wherein the information regarding the coupling of the radio interface with the authorized communication device being not accessible to the security system is characterized by the identity of the radio interface being absent from a list of authorized MAC addresses which is accessible to the security system.
8. The method of claim 1 wherein the authorized wireless access point is adapted to perform an authentication process before allowing the radio interface to send data to the wired portion of the authorized local area network through the authorized wireless access point.
9. The method of claim 8 wherein the authentication process comprises verifying identity of the authorized communication device.
10. The method of claim 1 further comprising establishing that the authorized wireless access point does not use an open authentication process prior to the classifying.
11. The method of claim 1 further comprising establishing that the authorized wireless access point does not use a WEP shared key authentication process prior to the classifying.
12. The method of claim 1 further comprising establishing that the authorized wireless access point uses an 802.1x (EAP) authentication process prior to the classifying.
13. A wireless security method comprising: installing a security system within a selected geographic region, the security system comprising at least one sniffer device disposed within the selected geographic region, the selected geographic region comprising an authorized local area network; detecting wireless transmissions within the selected geographic region using the at least one sniffer device; determining identity of a radio interface present in the selected geographic region from the detected wireless transmissions; identifying from the detected wireless transmissions a wireless connection between the radio interface and an authorized wireless access point, the authorized wireless access point being adapted to act as traffic transfer point between a wired portion and a wireless portion of the authorized local area network; establishing that the identity of the radio interface is absent from traffic over the wired portion of the authorized local area network; classifying the radio interface as being not coupled with an authorized communication device based upon the identity of the radio interface being absent from the traffic over the wired portion; providing for disallowing the radio interface from communicating with the authorized wireless access point and for allowing the radio interface to communicate with an external wireless access point, wherein the external wireless access point acts as traffic transfer point between a wired portion and a wireless portion of a neighborhood local area network, the neighborhood local area network being distinct from the authorized local area network.
14. The method of claim 13 wherein the radio interface comprises a wireless network interface card.
15. The method of claim 13 wherein the authorized communication device comprises at least a laptop computer or at least a PDA.
16. The method of claim 13 wherein the identity of the radio interface is a radio MAC address.
17. The method of claim 16 wherein the wireless transmissions comprise at least one IEEE 802.11 type frame and the radio MAC address is included in the IEEE 802.11 type frame.
18. The method of claim 13 wherein classifying the radio interface is free from manual interaction.
19. The method of claim 13 wherein the authorized wireless access point is adapted to perform an authentication process before allowing the radio interface to send data to the wired portion through the authorized wireless access point.
20. The method of claim 13 wherein the authentication process comprises verifying identity of a communication device to which the radio interface is coupled.
21. A wireless security system comprising: at least one first interface for monitoring radio transmissions; at least one second interface for monitoring traffic in a wired network; and at least one computer readable medium coupled to the first interface and the second interface, the computer readable medium storing instructions executable by at least one processor to perform steps of: detecting wireless transmissions using the first interface; determining identity of a client radio interface present in the detected wireless transmissions, wherein information regarding coupling of the client radio interface with an authorized communication device is not accessible to the at least one processor; identifying from the detected wireless transmissions a wireless connection between the client radio interface and an authorized wireless access point, the authorized wireless access point being adapted to act as traffic transfer point between a wired portion and a wireless portion of an authorized local area network; detecting the identity of the client radio interface in traffic over the wired portion of the authorized local area network using the second interface; classifying the client radio interface as being coupled with the authorized communication device based upon the identity of the client radio interface being present both in the wireless transmissions and in the traffic over the wired portion; and providing for allowing the client radio interface to communicate with the authorized wireless access point and for disallowing the radio interface from communicating with an external wireless access point, wherein the external wireless access point acts as traffic transfer point between a wired portion and a wireless portion of a neighborhood local area network, the neighborhood local area network being distinct from the authorized local area network.
22. A wireless security system comprising: at least one first interface for monitoring radio transmissions; at least one second interface for monitoring traffic in a wired network; and at least one computer readable medium coupled to the first interface and the second interface, the computer readable medium storing instructions executable by at least one processor to perform steps of: detecting wireless transmissions using the first interface; determining identity of a client radio interface present in the detected wireless transmissions; identifying from the detected wireless transmissions a wireless connection between the client radio interface and an authorized wireless access point, the authorized wireless access point being adapted to act as traffic transfer point between a wired portion and a wireless portion of an authorized local area network; establishing using the second interface that the identity of the client radio interface is absent from traffic over the wired portion of the authorized local area network; classifying the client radio interface as not being coupled with an authorized communication device based upon the identity of the client radio interface being absent from the traffic over the wired portion; and providing for disallowing the client radio interface from communicating with the authorized wireless access point and for allowing the radio interface to communicate with an external wireless access point, wherein the external wireless access point acts as traffic transfer point between a wired portion and a wireless portion of a neighborhood local area network, the neighborhood local area network being distinct from the authorized local area network.
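The classification and policy logic recited in claims 1 and 13, with the authentication precondition of claims 10 to 12, sketched as an added example that is not part of the patent text. The function names, verdict labels, authentication-mode strings and sample MAC addresses are assumptions made for illustration, and the sketch assumes the access point bridges at layer 2 so that a client's radio MAC appears unchanged in wired traffic.

```python
from dataclasses import dataclass

WEAK_AUTH = {"open", "wep-shared-key"}  # claims 10-11; label strings are assumptions

@dataclass(frozen=True)
class Association:
    client_mac: str  # radio MAC taken from an 802.11 frame (claims 4-5)
    bssid: str       # access point the client is connected to

def norm(mac: str) -> str:
    return mac.strip().lower().replace("-", ":")

def classify_clients(associations, wired_macs, authorized_aps):
    """Map each client MAC to 'authorized', 'unauthorized' or 'uncategorized'.

    authorized_aps: {bssid: auth_mode} for APs of the authorized LAN.
    wired_macs: source MACs observed on the wired portion of that LAN.
    """
    wired = {norm(m) for m in wired_macs}
    aps = {norm(b): mode for b, mode in authorized_aps.items()}
    verdicts = {}
    for assoc in associations:
        mac, auth = norm(assoc.client_mac), aps.get(norm(assoc.bssid))
        if auth is None:
            verdict = "uncategorized"   # link to an external AP proves nothing
        elif mac not in wired:
            verdict = "unauthorized"    # claim 13: on our AP, never on our wire
        elif auth in WEAK_AUTH:
            verdict = "uncategorized"   # claims 10-11: AP did not vet the client
        else:
            verdict = "authorized"      # claim 1: seen on both sides
        if verdicts.get(mac, "uncategorized") == "uncategorized":
            verdicts[mac] = verdict     # keep the first conclusive verdict
    return verdicts

def connection_permitted(verdict, bssid, authorized_aps):
    """Policy from claims 1 and 13; None means no decision for this client."""
    to_authorized_ap = norm(bssid) in {norm(b) for b in authorized_aps}
    if verdict == "authorized":
        return to_authorized_ap
    if verdict == "unauthorized":
        return not to_authorized_ap
    return None

# Constructed sample observations (locally administered MACs, not real devices).
APS = {"02:00:00:00:0a:01": "802.1x", "02:00:00:00:0a:02": "open"}
SEEN = [Association("02:00:00:00:00:11", "02:00:00:00:0A:01"),
        Association("02:00:00:00:00:22", "02:00:00:00:0a:01"),
        Association("02:00:00:00:00:33", "02:00:00:00:0a:02"),
        Association("02:00:00:00:00:44", "02:00:00:00:ee:ee")]
WIRED = ["02-00-00-00-00-11", "02:00:00:00:00:33"]
VERDICTS = classify_clients(SEEN, WIRED, APS)
```

A MAC address seen on both sides is only as trustworthy as the access point's authentication, which is why the client on the open access point stays uncategorized even though its MAC appears on the wire.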
Unknown
May 4, 2010